web analytics

Hackers Steal 17M Patient Records in Attack on 3 Hospitals – Source: www.databreachtoday.com

hackers-steal-17m-patient-records-in-attack-on-3-hospitals-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author:

Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

IT Outage, Downtime Procedures Affecting Services at California Healthcare Provider Marianne Kolbasuk McGee (HealthInfoSec) • December 13, 2024    

Hackers Steal 17M Patient Records in Attack on 3 Hospitals
PIH Health Whittier Hospital is among facilities affected by a Dec. 1 ransomware attack on the California healthcare system (Image: PIH Health)

Cybercriminals claim they stole 17 million patient records from a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.

See Also: Using the Netskope HIPAA Mapping Guide

PIH Health, in a statement Wednesday, said three of its hospitals – Downey Hospital, Good Samaritan Hospital and Whittier Hospital – as well as its urgent care centers, doctor offices, home health and hospice agency – are affected by the attack.

The organization serves more than 3 million residents in Los Angeles and Orange counties and throughout the San Gabriel Valley.

“PIH Health is working with cyber forensic specialists to assess the issue. Impacted individuals will be notified if protected health information is found to be compromised,” the statement said.

The organization in its statement did not mention claims of cybercriminals who reportedly faxed letters to PIH Health last week threatening to publish 2-terabytes of data containing millions of patients’ information that was stolen in the attack.

According to a report Thursday by the Los Angeles Daily News, the news outlet’s parent company, Southern California News Group, received a copy of the threat actors’ letter from a PIH Health employee.

“Be informed, there was a Ghost in your network!” the letter said, according to the LA Daily News. “So the ghost has taken your data as evidence, and if you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet.”

The letter does not mention a specific ransom demand or identify the cybercriminal gang claiming responsibility for the attack, LA Daily News said.

Affected Patient Services

As it deals with its IT outage, PIH Health said its emergency room and urgent care centers are still open, and all facilities, including hospitals, medical offices, home health, hospice, imaging and laboratory service are operating under the organization’s downtime procedures.

“We are doing everything possible to minimize cancellations, but some procedures and surgeries may be cancelled due to the technology issues,” PIH said.

“The physician’s office or hospital will contact you if rescheduling is necessary.” Online appointment scheduling is unavailable due to the outage.

PIH Health outpatient laboratories and radiology departments are also open. “However, because we do not have access to any electronic orders, you must bring a paper copy of your physician order to your appointment. You may have to visit your physician’s office if you do not have a copy of the original order,” PIH told patients in the statement.

Test results may take longer than usual as PIH works through the situation, the PIH added.

Patient drug prescription processes at its pharmacies also are affected, including refills of existing prescriptions and new orders.

“Bring your most recent medication container from a PIH Health pharmacy with the label on to any PIH Health pharmacy. Our team can use the details to refill it for you,” PIH said, adding that its pharmacies are currently only accepting cash payments.

For filling new prescriptions, PIH is instructing patients to bring a paper prescription from their physician, “including their name and phone number, along with your most current prescription insurance card, to the PIH Health or retail pharmacy. However, PIH Health Pharmacies cannot fulfill controlled substances from a paper prescription.”

PIH said has reported the network outage to law enforcement, including local police and fire departments, and is working with the FBI.

PIH did not immediately respond to Information Security Media Group’s request for additional details about the incident and for comment regarding the cybercriminals’ claims.

The recent ransomware attack is not PIH’s only major hacking incident. In 2020, the organization reported an email phishing breach affecting 200,000 people, resulting in flurry of class action lawsuits (see: Law Firms Race to File Phishing Breach Lawsuits).

By Friday, several law firms were already circling PIH.

“If you received a notification that your personal data has been exposed on the dark web or believe that your information was impacted by this data breach, you may be entitled to compensation,” said Lynch Carpenter LLP in a public statement on Wednesday. Multiple national law firms claim to be investigating the PIH incident.

Wider Impact

If the ransomware threat actors’ claims about stealing 17 million patient records are accurate, the PIH Health incident could potentially become the second-largest health data breach this year, based on major breaches posted as of Friday on the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool website.

Mike Hamilton, field CISO at security Lumifi, predicts these kinds of disruptive cyber assaults and data thefts in healthcare and other sectors will continue through 2025 – unless the U.S. government takes action.

“Neither market forces nor regulation are working to protect healthcare from cybercrime and intentional disruption,” he said. “None of this will stop until the federal government gets serious about treating the country’s logical border as if it were a physical border and use allow-listing to receive only preauthorized traffic,” he said. “If China can do it with their ‘great firewall,’ so can the United States.”

In addition, “a national privacy statute that supersedes states’ private right of action will help to preserve what’s left of healthcare in the United States, rather than continuing to sue hospitals out of existence,” he said.

Original Post url: https://www.databreachtoday.com/hackers-steal-17m-patient-records-in-attack-on-3-hospitals-a-27059

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Splunk
81 Siem Very important Use Cases for your SOC by SPLUNK
81 Siem Very important Use...
Vendict
The 2024 CISO Burnout Report by Vendict
The 2024 CISO Burnout Report...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...

LASTEST PUBLISHED POSTS

Cyberint
Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company
Retail Threat Landscape Report Q1-Q3...
NCSC
Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem
Protecting Critical Supply Chains –...
Culture AI
Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.
Time to Adapt – The...
National Cyber Security Centre
Engaging with Boards to improve the management of cyber security risk.
Engaging with Boards to improve...
Microsoft Security
2024 State of Multicloud Security Report by Microsoft Security
2024 State of Multicloud Security...
bugcrowd
Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd
Inside the Mind of a...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Lacework
CISO’s Playbookto Cloud Security by Lacework
CISO’s Playbookto Cloud Security by...
MITRE - Carson Zimmerman
Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE
Ten Strategies of a World-Class...
SILVERFRONT - AIG
Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.
Identity Has Become the Prime...
CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE

More Latest Published Posts

WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security Testing Tools
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?
CIS - Center for Internet Security
How to Plan a Cybersecurity Roadmap in Four Steps
How to Plan a Cybersecurity Roadmap in Four Steps
ACSC Australia
Information Security Manual
Information Security Manual
Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos